FBSD 7 network noise
chavez243, 11th October 2008

System is FreeBSD 7.0 running IPFW - identical ruleset was previously used on a 6.3 box, without a problem. System is still serving network requests, just seems to be a lot of noise in the logs.

/var/log/messages:

Code:
+TCP: [72.14.199.31]:43509 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [216.8.136.153]:23 to [192.168.1.250]:51927 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:51839
+TCP: [61.135.168.39]:42953 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [61.135.168.39]:42953 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [216.8.136.153]:23 to [192.168.1.250]:59739 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:57802
+TCP: [216.8.136.153]:23 to [192.168.1.250]:61578 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:62181
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58202 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:55902
+TCP: [216.8.136.153]:23 to [192.168.1.250]:52711 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:54350
+TCP: [216.8.136.153]:23 to [192.168.1.250]:60997 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:64516
+TCP: [208.113.203.27]:80 to [192.168.1.250]:61485 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 237 bytes of data after socket was closed, sending RST and removing tcpcb
+TCP: [216.8.136.153]:23 to [192.168.1.250]:52134 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:50867
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58241 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:59601
+TCP: [216.8.136.153]:23 to [192.168.1.250]:58544 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:51568
+TCP: [216.8.136.153]:23 to [192.168.1.250]:56565 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:57846
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (2) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (3) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
+TCP: [216.8.136.153]:23 to [192.168.1.250]:64811 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:61514
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [87.192.20.4]:2523 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [216.8.136.153]:23 to [192.168.1.250]:60379 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:58747
+TCP: [216.8.136.153]:23 to [192.168.1.250]:53360 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:61281
+TCP: [61.135.168.39]:53090 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
+TCP: [61.135.168.39]:53090 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored

I'm not sure if 7.0 is just more verbose, or if the network stack is a bit wonky.

Thoughts?
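A triage script for the kernel messages quoted above, as an added example that is not part of the original post: it groups the `TCP:` lines and the `Connection attempt` lines by source address, local port and reporting kernel function, and lists entries whose source equals their destination. The sample input is a subset of the posted lines; `parse`, `summarize` and the labels `tcp_debug` and `log_in_vain` are names chosen for this example.

```python
import re
from collections import Counter

# Subset of the lines quoted in the post (leading "+" kept as posted).
SAMPLE = """\
+TCP: [72.14.199.31]:43509 to [192.168.1.250]:80 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
+TCP: [216.8.136.153]:23 to [192.168.1.250]:51927 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_2: Received 12 bytes of data after socket was closed, sending RST and removing tcpcb
+Connection attempt to UDP 192.168.1.250:23 from 192.168.1.250:51839
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Response timeout, retransmitting (1) SYN|ACK
+TCP: [87.192.20.4]:2510 to [192.168.1.250]:80; syncache_timer: Retransmits exhausted, giving up and removing syncache entry
+TCP: [61.135.168.39]:42953 to [192.168.1.250]:80 tcpflags 0x4<RST>; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored
"""

TCP_RE = re.compile(
    r"TCP: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) to \[(?P<dst>[^\]]+)\]:(?P<dport>\d+)"
    r"(?: tcpflags (?P<flags>0x[0-9a-f]+)<(?P<names>[^>]*)>)?; "
    r"(?P<func>\w+): (?P<msg>.*)")
VAIN_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"from (?P<src>[\d.]+):(?P<sport>\d+)")

def parse(line):
    """Return a dict for a recognised line (any syslog prefix is skipped), else None."""
    m = TCP_RE.search(line)
    if m:
        return {"kind": "tcp_debug", **m.groupdict()}
    m = VAIN_RE.search(line)
    if m:
        return {"kind": "log_in_vain", "func": "log_in_vain", **m.groupdict()}
    return None

def summarize(text):
    """Count events per (source, local port, function); collect src == dst events."""
    counts, self_sourced = Counter(), []
    for line in text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        counts[(ev["src"], int(ev["dport"]), ev["func"])] += 1
        if ev["src"] == ev["dst"]:
            self_sourced.append(ev)
    return counts, self_sourced

if __name__ == "__main__":
    counts, self_sourced = summarize(SAMPLE)
    for (src, dport, func), n in counts.most_common():
        print(f"{n:4d}  {src:>15} -> :{dport:<5} {func}")
    for ev in self_sourced:
        print("source == destination:", ev.get("proto", "TCP"), ev["src"], "port", ev["dport"])
```
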